FBI may cut millions off the Internet to battle DNSChanger malware

There is a possibility that the FBI will cut off Internet access for millions of people on March 8 in an effort to get rid of a Trojan. The malware is dubbed DNSChanger and new research estimates it to be running on computers at over half of the Fortune 500 companies and on machines at nearly 50% of government agencies.

DNSChanger hijacks a user’s Internet settings. It reroutes traffic to fraudulent websites and blocks security sites that could help to scrub the machine of the Trojan. The virus originated in Estonia and is estimated to be hiding out on over a half million computers in the United States. Those computers include machines at over half of Fortune 500 companies and 27 government agencies.

The men suspected of creating the trojan have been arrested, but shutting down the worm’s botnet has been slow going. Because of that the FBI got a court order that allowed it to set up legitimate DNS servers to replace the DNS infrastructure of the Trojan. The problem is that court order expires on March 8.

If the March 8 deadline is not extended anyone who is infected with the DNSChanger virus may be completely blocked from getting online. As of this writing the deadline has yet to be extended.

Figuring out if you have the Trojan and getting rid of it is luckily a pretty easy process. The DNSChanger Working Group and the FBI website both have information about detecting and scrubbing the virus from your system. Unfortunately there are a lot of Internet users who won’t know to get their systems checked out. If the deadline does not get extended, Internet support for a number of companies is going to be very busy with angry phone calls from users who can’t get online and don’t know why.